SYSTEM AND METHOD FOR PERSONALIZATION OF SMART 

CARDS 



The present invention is related to a method and system for 
personalization of smart cards, especially when the collection 
and creation of the personalization data objects and the 
personalization of smart cards take place at different 
locations . 



BACKGROUND OP THE INVENTION 



Increasing numbers of organizations which issue transaction 
cards to their users, customers, or employees require cards 
tailored to meet the requirements of their particular service 
or application. These organizations also want the cards to 
contain data about the cardholder. Existing transaction cards 
encode such data in a magnetic stripe on the back of the card 
but the amount of data that can be held by a magnetic stripe 
is limited. A new type of transaction card (so called smart 
cards) embeds a microprocessor computer chip in the plastic of 
the card to greatly increase the card's data storage capacity. 
Additionally, sophisticated card applications specific to the 
card issuer can execute in certain varieties of the chips, and 
the chip may also contain a type of operating system. 
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Transaction cards with embedded chips are referred to in the 
industry as portable programmed data carriers, more commonly 
called "smart cards" (the term „smart card" used in the present 
invention also covers any programmed data carrier used in any 
portable device, like handy, digital personal assistant etc., 
to securely hold subscriber specific information) . The chip ir 
a smart card is programmed with initialization and/or 
personalization data. 



The initialization data comprises three major types of 
information: application data, security data, and printed 
data. The application data is common to all cards for a given 
card application and includes application program code and 
variables. The security data prevents fraudulent use of the 
card and is usually provided in the form of "secure keys". 

Smart cards are also programmed with information specific to 
an individual cardholder through a process called 
"personalization". The personalization information for a smart 
card is similar to the personalization information currently 
contained on non- smart cards, such as the cardholder's name, 
account number, card expiration date, and so on. Because of 
its increased storage capacity, the chip in a smart card can 
contain additional data beyond the basic information on the 
standard transaction card including a graphical representation 
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of the individual's signature, data defining the types of 
service the cardholder is entitled to, and account limits for 
those services. 

Personalization of a smart card normally requires that the 
card issuer collects the personalization data and prepares the 
personalization records in specific data files. The 
personalization records are in a format, that depends on the 
card personalization program, preferably used at the 
personalization side, e.g. by the card manufacturer. 

Each personalization record for a smart card contains at least 
data objects concerning the smart card holder and additionally 
a smart card identifier (id) . 

An example for a typical structure of a personalization record 
is as follows: 



Smart card ID, surname, name, street, zip, city 

Another part of the personalization data is the description o 
which address the data objects of each personalization record 
is written into the EEPROM of the smart card. This descriptio: 
is called personalization table. 
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An example of the personalization table is as follows 



69 13 /* Record type */ 
6A OD /* Record length */ 
6B A608 /* Personalize EEPROM */ 
6D 00 /* Protection: None */ 
6E 00 /*P2 */ 
6F 06 /* Data length in command */ 

70 027A /* Data address */ 
72 0004 /* Data length in personalization data set */ 
74 0000 /* Index in personalization data set */ 
76 9000 /* Good return code */ 



The personalization table contains the smart card commands to 
personalize data objects on a specific address and 
additionally an index pointing to a column within the 
personalization record. 



The personalization record and personalization table are sent 
to the personalization side on a tape, floppy disk or via 
network . 



The personalization side transfers the personalization records 
using personalization table with the personalization program 
to the smart card. This is done by generating smart card type 
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specific APDUs (Application Protocol Data Units) using 
personalization table and merging the respective data object. 
The APDUs are sent to the operating system of the smart card. 

The personalization program must be configured for different 
card operating systems to communicate to different smart card 
types . 



Thus for each set of card in mass production, a static file 
layout for the data objects to be personalized is given. 
Inside the static file, there are dedicated addresses where 
data objects are to placed. 

To personalize data objects on a smart card, a static file 
layout for these data objects is given. 

Changing objects, e.g. changing size of a data object to be 
personalized, require a change of the static file layout of 
the personalization program. This will generate effort by the 
smart card issuer because the personalization tables and 
personalization records must be changed, too. 

Personalization of different data objects is difficult. Each 
set of cards have the same static file structure and requires 
the same file structure layout of the personalization program. 
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No decentralized personalization is possible without the 
personalization program. 

Personalization data cannot be tested in a real application 
environment . 

In summary, a smart card issuing system must be tailored to 
meet the requirements of a specific card application that will 
be programmed on a specific type of smart card under the 
control of a specific card operating system and to format the 
data for the card to be compatible with a specific type of 
personalization 

equipment chosen to issue the card. The entire issuing system 
must be re-configured whenever any one of these variables 
(issuer application, smart card/ card operating system, and/or 
personalization equipment) is changed, increasing the time and 
cost incurred by the issuer of the card in delivering 
personalized smart cards to its customers. 

Furthermore, the smart card issuing systems in use today 
utilize a proprietary approach developed by either the card 
manufacturer or the personalization equipment manufacturer. To 
encourage sales of their respective cards or equipment, each 
manufacturer develops a unique personalization solution for a 
particular card application, and each solution is specific to 
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a particular card issuer. 

These unique solutions are intended to optimize performance of 
the cards or equipment and thus do not permit a more 
inclusive, generalized personalization process that accepts 
any card operating system and/or work with any personalization 
equipment . 

US Patent No. 6014748 discloses a smart card personalization 
system which contains a database containing card issuer data 
format templates, card applications, card operating systems 
commands, and personalization equipment specification and 
provides a centralized interface of inputs and outputs to a 
card issuing process which dynamically adjusts to changes in 
the issuing process to easily permit a card issuer to change 
data formats, card applications, card operating systems and/or 
personalization equipment in the card issuing process. The 
system interfaces to any card issuer management system, 
manages transfer of cardholder data and card applications to 
the particular personalization equipment used, maintains 
statistics for real-time and off-line inquiries to support 
critical management and reporting functions. A disadvantage of 
such system is that personalized smart cards may only be 
tested in their application environment when the 
personalization of the smart card is already finished. Errors 
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in the personalization process may require several insertions 
of the respective smart card into the reader and repeating the 
personalization process again. This may be very time consuming 
and expensive. 

Furthermore data objects used within the personalization 
process are not concurrently provided by the smart issuer side 
to the personalization side with the result that the 
personalization process can take some time requiring several 
insertions of the smart card into the reader. This may be also 
very time consuming and expensive. 

Summary of the invention 

It is therefore an object of the present invention to provide 
an improved method and system for personalization of smart 
cards avoiding disadvantages of the prior art personalization 
systems . 

This object is solved by the features of the independent 
claims. Preferred embodiments of the present invention are 
laid down in the subclaims. 

The present invention discloses a system and method for 
personalization of smart cards by using virtual smart cards 



DE920000050US1 



8 



(VSC) containing all data objects (card holder specific data 
objects) required to personalize real smart cards. The VSC is 
a software implemented version of a real smart card providing 
the equivalent functionality of a real smart card. The VSC is 
generated and used by a VSC control program handling the 
generation, the security and the read/write process of the 
VSC. 

VSCs being generated by the VSC control program having a 
logical file structure comprising a public area, a private 
area, a secure key area, password area, and an unique 
identifier area. The data objects contained in the public area 
having no access restrictions, data objects placed into the 
private area are encrypted and can be accessed by using a 
password, and the data objects placed into secret key area are 
encrypted and only accessible by the VSC control program. Each 
VSC may be addressed by unique identifier (ID) . Card holder 
specific data objects being preferably stored in the same 
format on a storage media, e.g. database, are transferred into 
the assigned area of the defined file structure of the VSC by 
using the VSC control program (personalized VSC) . Thus, the 
personalized VSC as well as their assigned ID and passwords 
are accessible via the personalization side considering that 
the access of the IDs and the password is accomplished via a 
secure channel. At the personalization side, already pre- 
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initialized real smart cards having the same defined logical 
file structure as their assigned VSCs are personalized by a 
personalization program reading the data objects of the VSCs 
and using smart card specific commands for writing the data 
objects into the EEPROM of the real smart card. An main 
advantage of the present invention is that the personalization 
data contained in the VSC may be tested in the application 
environment before personalized real smart card is already 
available. Changes to the data objects set can be done without 
amending the personalization program. 

Brief description of the drawings 

In the following, an implementation of the invention is 
described with reference to the drawings, in which: 

Figure 1 shows a standard method for personalization of smart 

cards used in the prior art systems; 

Figure 2 shows the basic file structure of the virtual smart 

card (VSC) used by the present invention for 
personalization of real smart cards; 

Figure 3 shows the steps for creating of a virtual smart card 

at the card issuer side according to the present 
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invention; 

Figure 4 shows the steps for transferring the data objects 

contained in the virtual smart card to the real 
smart card at the personalization side according to 
the present invention; 

Figure 5 shows the basic steps for personalization of a real 

smart card by using a virtual smart card according 
to the present invention; and 

Figure 6 shows a flow- chart of the overall process of 

personalization of a real smart card by using a 
virtual smart card created at the smart card side 
and transferred to and used at the personalization 
side according to the present invention. 

Detailed Description of the Invention 

Figure 1 shows the basic method of personalization of smart 
cards as applied by the prior art personalization systems. 
Normally, a smart card issuer (2) collects card holder 
specific data, prepares a personalization record (4) and sends 
the record (4) to the card manufacturer (8) transferring the 
personalization records (4) by means of a personalization 
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program (6) into the real smart cards (10) . 

Figure 2 shows a logical file structure of a virtual smart 
card (VSC-1) used for personalization of a real smart card 
according to the present invention. This VSC (1) is preferably 
generated at the card issuer side having access to the card 
holder data objects. However it is not excluded that card 
holder data objects may be accessed by any other institution. 
Preferably all card holder data objects are stored on a data 
base in the same format. 

The logical file structure of the VSC(l) is defined by the 
following data areas : 

a public area in which public data objects having no 
access conditions are placed (4), e.g. Certificate (6) or 
address (8) 

a private area in which private objects being encrypted 
are placed; private objects may only be accessed 
providing a password (10), e.g. account no (12) or key 
information (14) . 

a secret key area in which key objects being encrypted 
are placed; key objects are not accessible however they 
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can be used by the VSC control program (16), e.g. private 
key for signing (18) 

a password area in which password being encrypted is 
placed (20) 

a unique identifier area in which an unique identifier 
for identifying a VSC is placed (2) 

The VSC file (1) may be built preferably as a dedicated file 
with variable length. Within that variable record file, the 
length of each data area (2,4,10,16,20) can be varying. The 
unique identifier (2) is preferably contained as part of the 
file header information. Further header information may be: 

- type of file 

- structure of the file 

- length of the file 

- access conditions 

- attribute 

- file hierarchy 

Figure 3 shows the steps for creation a virtual smart card at 
the card issuer side (10) as shown in Figure 2 according to 
the present invention. 
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The smart card issuer (10) creates a virtual smart (VSC - 14) 
for each card holder and transfers the data objects (e.g. 
certificates, personal data, keys) into the assigned data 
areas of the defined VSC file structure (14) . The VSC (14) is 
preferably generated by calling the generate VSC function 
preferably available in the application programming interface 
(API) of the VSC control program (8) . An unique identifier 
(12) and a password are transferred as parameters to the 
assigned defined VSC file structure (14) . The VSC control 
program (8) can generate identical logical file structures 
with identical length of areas or with areas of varying length 
depending on the smart card manufacturer request. In any case 
it must be secured that that each VSC (14) is assigned to a 
real smart having the same pre-initialized defined file 
structure. Thus, an import of the VSC data to a real smart 
card can be guaranteed. 

Each VSC (14) is a data file with an unique identifier (12) 
and has an own password to protect the private data. The card 
issuer preferably has access to a data collecting program (4) 
having access to a data base (2) containing card holder data 
which transfers the cardholder data into the areas of the 
defined VSC file structure by using the write DataObject 
function available in the application programming interface of 
the VSC control program (8) . 
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After the completion of the transfer of data the smart card 
issuer can test the VSC in the application environment. 

After generation of a set of VSC files (16) they are sent to 
the personalization side or smart card manufacturer via 
portable storage media or via network. Furthermore, a set of 
unique identifier and passwords assigned to the set of VSC 
files are also sent to the smart card manufacturer via a 
secure channel . 

Figure 4 shows the steps for transferring the data objects 
contained in the virtual smart card to the real smart card at 
the smart card manufacturer side (2) according to the present 
invention. 

On the personalization or smart card manufacturer side (2) 
each VSC (4) is transferred to the real smart card (6) using a 
personalization program (8) preferably having an interface 
with a VSC control program (10) and a smart card agent program 
(12) to communicate with the real smart card (6) . 

Following steps are performed for each real smart card to be 
personalized: 

Personalization program (8) provides password for the assigned 
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VSC (4) using the login function available in the application 
programming interface of the VSC control program (10) . The 
unique identifier for the VSC (4) and the assigned password 
are transferred as parameters. 

The personalization program (8) reads all data objects placed 
in the areas of the VSC (4) using the readAll DataObjects 
function available in the application programming interface of 
the VSC control program (10) . The unique identifier of the VSC 
(4) and a return buffer is passed as parameters. 

Get the pre -initialized real smart cards (6) having the same 
defined file stiructure as the assigned VSCs (4) 

Generation of the respective APDUs by the smart card agent 
program (12) providing the smart card specific commands for 
writing the data objects into the real smart card (6) 

The generated APDUs are sent via the card reader (not shown) 
to the real smart card (6) where the smart card operating 
system is handling the command. 

Figure 5 shows the basic steps for personalization of a real 
smart card by using a virtual smart card at the card 
manufacturer side according to the present invention. 
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In a first step (1) a set of real smart cards are pre- 
initialized with a logical file structure providing following 
areas of objects: public area, private area, secure key area, 
password and unique identifier. These pre-intialized real 
smart cards have the same logical file structure as their 
assigned VSCs generated and provided by the card issuer. Each 
real smart card has an unique identifier or card serial number 
assigned and card password is set to a transport value only 
known to the card manufacturer. In a second step (2) called 
personalization step all data objects of a personalized VSC 
are transferred to the real smart card and the card password 
is set to an card individual value which will be transferred 
to the card holder via a secure channel . In a third and last 
step (3) called card holder update step the card holder has 
received the real smart card and he has to change the card 
password and may create additional objects on the card 
restricted by the length of areas available by the file 
structure. 

Figure 6 A-B shows a flow-chart of the overall process of 
personalization of real smart cards by using a virtual smart 
card according to the present invention. 

The personalization process as taught by the present invention 
may be divided into two separate process parts namely creation 
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of the virtual smart card with the card holder specific data 
objects preferably at the card issuer side and transferring 
the card holder specific data object contained in the virtual 
smart card into the real smart card preferably at the smart 
card manufacturer or personalization side. 

The creation of the virtual smart card comprising the 
following steps {Fig. 6A) : 

Creating of a set of files (virtual smart card or VSCs) having 
the same logical file structure by a VSC control program , The 
logical file structure comprising a public area, a private 
area, a secret key area , password area, and an unique 
identifier area for addressing the VSC. The length of the 
areas may vary from each set of files (2) , 

i 

Assigning a common password to the set of VSCs by said VSC 
control program (4) . 

Assigning an unique identifier to each VSC by the VSC control 
program. The unique identifier allows to address each single 
VSC (6) . 

Storing all unique identifier and common password for the set 
of VSCs on an internal or external storage media being secured 
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against unauthorized access of third parties (8) , 

Transferring card holder specific data objects into the 
assigned areas of the set of VSCs by the VSC control program 
having access to a data base containing card holder specific 
data . 

All private data objects are preferably created in an 
encrypted form with a message identification code (MAC) . This 
is accomplished by the VSC control program (10) . 

Storing the set of VSCs containing the card holder specific 
data objects on a internal or external storage media (12) . 

Providing a set of VSCs to the smart card manufacturer via 
network (14) . 

The personalization of real smart cards via the set of VSCs 
comprising following steps (Fig. SB) : 

Providing a set of real smart cards having a defined logical 
file structure being identical with the file structure of the 
set of VSCs according to step 7 and having unique identifiers 
or serial numbers being identical with the unique identifier 
or serial numbers assigned to each file of the set of VSCs 
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(18) 



Reading the public data objects of the set of VSCs by the VSC 
and writing those objects into the assigned public area of the 
EEPROM of the real smart card using a card agent generating 
the smart card specific commands (20) . 

Using password by the personalization program and providing it 
to VSC for reading card holder private data objects (22) . 

Generating smart card specific APDUs by the card agent for 
writing the card holder private data objects into the assigned 
private area of the EEPROM (24) . 

Generating an individual password for each real smart card and 
overwriting the common password stored in the real smart card 
with the individual password (26) . 
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